Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lincoln Spector on Win10 keylogger


  • This topic is locked This topic is locked
59 replies to this topic

#1 brainout

brainout

  • Members
  • 1,190 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:02:14 AM

Posted 04 September 2015 - 09:47 PM

I just found this article in PC World.  Spector was extremely approachable to all of us in PC World forum until it closed two years ago.  So when he says something, and you dispute him, he reconsiders. And, unlike many, can admit or change his position. So he's worth reading.

 

This topic shouldn't be too much of a surprise, because at installation you're told about Cortana.  At the same time, many of the Win10 fanboys like Ed Bott deny what 'Cortana' has to mean:  keylogging.  Else, it cannot work, and the installation's quite clear about that.

 

So now Spector is, too.  And what he says is pretty familiar, with one big exception: he calls a spade a spade. What Bott denies, Spector admits:  YES, built-in keylogger.

 

And since you really can't stop Cortana (turn her services off, and in 30 seconds you'll see the process restart), you can't afford any confidential data on a Win10 machine.  So if not, then why Win10 at all?  As it stands, the machine's only good for a public library, where that kind of recordkeeping is important.  Or, in Enterprise, where they can CONFIGURE what to turn off and on.  But consumers and Pro users can't do this.

 

My position on all this is too well known, so I'll say no more.  What's yours?  How does the article affect you, and what danger do you see?


Edited by brainout, 04 September 2015 - 09:57 PM.

(Away, Notifications Off) AUDIT PREMISES, my guidon.  -- brainout or brainouty on vimeo or Youtube, domain brainout.net


BC AdBot (Login to Remove)

 


m

#2 jonuk76

jonuk76

  • Members
  • 2,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:08:14 AM

Posted 04 September 2015 - 10:53 PM

I already turned it off in the Privacy settings, as described in the article.  I'm not terribly worried.  Google has my browsing history too, which is probably more of a worry (do they still track you in "Incognito" mode?  :unsure: ).  If they really want to know what I'm typing so much that even when disabled in the Privacy settings, it still sends keystrokes to MS then yes I'd be annoyed. Is that is what you're saying happens?

 

But ultimately I don't type anything that interesting anyway  :wacko:


7sbvuf-6.png


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 04 September 2015 - 11:19 PM

So it's wrong for Microsoft to do that, but not for Apple and Google? If you think about it, anytime you get an auto-completion, you have been "keylogged".

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Willabong

Willabong

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales, UK.
  • Local time:08:14 AM

Posted 05 September 2015 - 04:41 AM

Aura, what you stated has been my position all along, why single out Microsoft when all the other major OS makers also do the same thing! 



#5 JohnC_21

JohnC_21

  • Members
  • 21,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 05 September 2015 - 06:57 AM

Here is the privacy statements of Chrome and Chrome OS and Windows

 

I think Cortana takes it to a whole new level but at least you can turn it off.

 

Microsoft Privacy Statement  -  Be sure to click Learn More under each section.

 

Microsoft collects and uses data about your speech, inking (handwriting), and typing on Windows devices to help improve and personalize our ability to correctly recognize your input.

For example, to provide personalized speech recognition, we collect your voice input, as well your name and nickname, your recent calendar events and the names of the people in your appointments, and information about your contacts including names and nicknames. This additional data enables us to better recognize people and events when you dictate messages or documents.

Additionally, your typed and handwritten words are collected to provide you a personalized user dictionary, help you type and write on your device with better character recognition, and provide you with text suggestions as you type or write. Typing data includes a sample of characters and words you type, which we scrub to remove IDs, IP addresses, and other potential identifiers.  It also includes associated performance data, such as changes you manually make to text as well as words you've added to the dictionary.

You can turn off Input Personalization at any time. This will stop the data collection for this feature and will delete associated data stored on your device, such as your local user dictionary and your input history. As Cortana uses this data to help understand your input, turning off Input Personalization will also disable Cortana on your device. At https://www.bing.com/account/personalization, you can also clear data sent to Microsoft, such as your contacts and calendar data, user dictionary, as well as search and browsing history if your device also had Cortana enabled.

 

 

Google Chrome Policy Notice

 

If you use Chrome’s AutoFill feature, which automatically completes web forms for you based on similar forms you have filled out before, Chrome will send Google limited information about the pages that have web forms, including a hashed URL of the web page and details of the form's structure, so that we can improve our AutoFill service for this web form. While the information that Chrome sends may include the fact that you typed information into the form, the actual text that you type in the fields will not be sent to Google unless you choose to store that data in your Google Account using Chrome’s synchronization feature.

 


Edited by JohnC_21, 05 September 2015 - 12:54 PM.


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 05 September 2015 - 09:30 AM

One of the best example I can give is Android autocorrect feature and Google Maps (voice). Did you ever notice that the longer you use an Android phone, the more accurate the autocorrect becomes? In the end, you can write a full sentence by only typing one or two letters of each words. Why do you think that is? And for Google Maps with voice, at first the voice sounds really robotic, but the more you use it, the more it becomes "human like" and even the pronounciation starts to sound like the one from the region you live in. Why do you think that is?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 brainout

brainout
  • Topic Starter

  • Members
  • 1,190 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:02:14 AM

Posted 05 September 2015 - 11:14 AM

Aura, just because everyone else is doing it, doesn't make YOUR doing it right.  Secondly, the argument that MSFT's 'doing it' and the others 'doing it' are the same, is also a flat lie.  JohnC_21 just reprinted the MSFT versus Chrome licenses side by side to prove it, and of course Android is much smaller.  So your argument is specious at best.

 

The moral point is different, however.  IS IT RIGHT FOR YOU TO PUT ALL YOUR OTHER CONTACTS IN YOUR MACHINE AT RISK.  That's a moral question.  It's not about you voluntarily going online and knowing that whatever you type there, will be recorded.  It's about the FAR BIGGER INVASION which is in aka.ms/msa, where MSFT scours your entire drive, asserts collection rights over it, and also policing rights.  THAT is a full keylogger.  And you just compromised the data of all your contacts, to the extent you have THEIR data on your machine.  So if you were independently in business, and you had bank account data and other sensitive stuff of your customers, you just compromised their data.

 

So your arguments are disingenuous.

 

The huge implication of this cannot be overstated. I cannot afford to have any direct, machine-to-machine contact with anyone who uses Windows 10.  Since I cannot prevent that from happening, all I can do is make sure that the computer I use to contact others, itself has no private data on it, so in the event of suit -- meaning, the Win10 contact is sued and my data is in his machine so I'm subpoena'd too -- only THAT machine will be at risk.

 

MSFT has really blown it, this time.  Will kill the company.  Tragic.


Edited by brainout, 05 September 2015 - 11:25 AM.

(Away, Notifications Off) AUDIT PREMISES, my guidon.  -- brainout or brainouty on vimeo or Youtube, domain brainout.net


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 05 September 2015 - 11:21 AM

Aura, just because everyone else is doing it, doesn't make YOUR doing it right. The argument that MSFT's 'doing it' and the others 'doing it' are the same, is also a flat lie.


I didn't say that. I just don't understand why everyone is losing it over Microsoft doing it, but not Google, Yahoo!, Apple, etc. That seems a bit unfair to me. Anyway, people will only believe what they want to believe in the end.

MSFT has really blown it, this time. Will kill the company. Tragic.


Or not. I don't think you understand what this implies to be honest.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:14 AM

Posted 05 September 2015 - 11:54 AM

Regarding post #3 "So it's wrong for Microsoft to do that, but not for Apple and Google?"


I think the key difference is that this is happening on a user's own computer, their own OS is, it would seem, working against them and because it is the OS it sees everything. Google on the other hand only sees things types into their search engine, it does not see the whole contents of every other page (especially if you use firefox), it does not see the contents of every document you type (unless you were to deliberately upload that document to google drive without putting it in a encrypted archive first), it does not see the things you type on sites you visit (unless those sites are using google run systems to make them work).

The key difference is that this is an operating system whilst google's stuff is merely on a website.

If microsoft just logged what people typed into their websites, what people typed into bing, what people stored in microsoft run cloud accounts, what people did in microsoft run webmail email systems, then there wouldn't be much that they could be faulted on, the reason that this is seen as so wrong is because it is the entire OS logging everything.

When a site is known to log data you can be careful about what you put into that site and search for other things using other sites, if it's your own OS doing this then you can't do much to avoid it (short of switching OS, which with manufacturers now being allowed (though not yet required) to sell computers where the user cannot deactivate secureboot, is getting harder daily), nothing on the system is safe from it.

Edited by rp88, 05 September 2015 - 11:54 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 05 September 2015 - 12:09 PM

Because you think this isn't happening on Apple OS X and Google Chromebooks? What's the difference there? Both companies have their own computer series and OS. So they keylogging also happens directly on their computer. Why is is sudden such a big deal on Microsoft, but not on the others?

Plus, I'm sure it's way worse with Chromebooks, since the OS is way closer to a "Cloud OS" than Windows, so everything is being uploaded.

Bring logs entries, so does Google and Yahoo!.

This being said, everyone who is tripping on Microsoft right now because of Windows 10, but wasn't over the other companies before that is pretty much selfish and ignorant of what they are talking about.

Edit:

http://arstechnica.com/information-technology/2013/09/why-the-nsa-loves-googles-chromebook/
http://www.forbes.com/sites/theopriestley/2015/08/24/did-apple-lie-about-your-privacy/

Edited by Aura, 05 September 2015 - 12:12 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:14 AM

Posted 05 September 2015 - 12:20 PM

Sorry, I was referring to google's online services in my post, I had forgotten about chromebooks.


Another thing to note ofcourse is that in the past microsoft didn't do this, XP was free of this, windows 7 seems free of it and windows 8/8.1 didn't contain much of it unless a user allowed all the updates and used an ms account, and linux doesn't do this. So just because chromebooks and apple computers have snooping feaures in them doesn't mean that it is right for microsoft to do this, because the examples of previous windows operating systems prove it is possible for operating system makers to profit without using snooping, and the examples of linux prove it is possible to make a modern OS without any snooping features.

Edited by rp88, 05 September 2015 - 12:21 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 05 September 2015 - 12:23 PM

Once again, this isn't what I said. I don't think Microsoft should do it because "everyone else does it", what I'm saying is that I don't understand why it's such a big deal right now, when other companies have been doing it for years and yet no one ever complained that much. That's why I think some users here are selfish and totally unaware of how the computing world really works.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:14 AM

Posted 05 September 2015 - 12:37 PM

I must agree that others who are doing it should be considered equally for it, And I must say I don't know why others doing it haven't been the subject of so many* of these sorts of debates before:

Maybe it's a matter of timing.

Maybe people somehow just notice it more when a company starts doing it that when a company has been doing it all along.

Maybe the controversy is due to the fact that people on older windows systems now feel more threatened, because apple and google doing it didn't affect them, whereas ms doing it means that ms might start doing it to older systems and that users fear they might be forcibly "upgraded".

Maybe people feel more threatened when a company with such a large share of the operating system market starts it (apple computers and chromebooks are far less common than windows computers).

In the end I don't know why other companies didn't get the same level of criticism for it, but just because they didn't doesn't mean that it is ok. Maybe they deserve more criticism for that, but I don't think that ms deserves less criticism for this.

*I have noticed that, on this forum atleast, the numbers of such discussions have been gradually declining over the last two or so weeks, so maybe another cause for all this debate is the big hyped matter of a release date, whereas other companies didn't have a specific date on which this sort of thing suddenly appeared.

Edited by rp88, 05 September 2015 - 12:39 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#14 deresahatar

deresahatar

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 05 September 2015 - 01:05 PM

Sorry, I was referring to google's online services in my post, I had forgotten about chromebooks.


Another thing to note ofcourse is that in the past microsoft didn't do this, XP was free of this, windows 7 seems free of it and windows 8/8.1 didn't contain much of it unless a user allowed all the updates and used an ms account, and linux doesn't do this. So just because chromebooks and apple computers have snooping feaures in them doesn't mean that it is right for microsoft to do this, because the examples of previous windows operating systems prove it is possible for operating system makers to profit without using snooping, and the examples of linux prove it is possible to make a modern OS without any snooping features.

 

Windows 7 and to a lesser extent Windows 8.x used to be free from MS telemetry collections. Unfortunately, they had been retrofitted via "important" Windows updates that can be removed:

 

http://www.sevenforums.com/general-discussion/379888-telemetry-windows-7-a.html

 

Windows versions prior to W7 had not been retrofitted.

 

And don't think that Linux platform does not have its share of snooping on the users:

 

http://www.neowin.net/news/richard-stallman-accuses-ubuntu-of-spying-on-users..

 

 

 

 

 

 



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:14 AM

Posted 05 September 2015 - 01:10 PM

Maybe the controversy is due to the fact that people on older windows systems now feel more threatened, because apple and google doing it didn't affect them, whereas ms doing it means that ms might start doing it to older systems and that users fear they might be forcibly "upgraded".


That's the thing with our society. The population only complains when it affects them directly, but when it affects the others, they do not care. Hence why I used the word "selfish" in my previous posts.

*I have noticed that, on this forum atleast, the numbers of such discussions have been gradually declining over the last two or so weeks, so maybe another cause for all this debate is the big hyped matter of a release date, whereas other companies didn't have a specific date on which this sort of thing suddenly appeared.


Mostly because the main threads about this issue have been closed, and the users starting such debates have probably been warned to not derail threads anymore on this matter.

deresahatar, here's the right link for your article:

http://www.neowin.net/news/richard-stallman-accuses-ubuntu-of-spying-on-users

And Ubuntu became like that since it partenered with Amazon. /g/ calls it the "Amazon Botnet".

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users